
Bonjour `mDNSResponder`

How a DNS cache issue left me more confused about how DNS works in macOS than ever

I recently ran into some DNS issues, and so like always, I opened up CleanMyMac X and ran the ‘Flush DNS Cache’ maintenance script.

This usually does the trick. However, this time after querying for the service in question using dig, I was still hitting the old IPs. OK, that’s weird because CleanMyMac simply sends a SIGHUP to mDNSResponder to purge the DNS cache, something like this:

sudo killall -HUP mDNSResponder

I confirmed that it was sending the appropriate signal:

sudo log stream --info --predicate 'process == "mDNSResponder"'
Filtering the log data using "process == "mDNSResponder""
Timestamp                       Thread     Type        Activity             PID    TTL
2023-06-26 18:30:54.592258+0530 0x394      Default     0x0                  194    0    mDNSResponder: [] SIGHUP: Purge cache
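As an added example (not code from the original post), here is a small shell script that wraps the flush step and then checks the unified log for the acknowledgement line shown above, rather than trusting the maintenance script blindly. The sample log text is constructed to match the format in the post; the `flush_and_verify` helper, the two-second wait and the one-minute log window are my own assumptions.

```shell
#!/bin/sh
# Flush the mDNSResponder cache and confirm from the unified log that the
# daemon acknowledged the SIGHUP. The macOS commands only run on Darwin;
# the log parsing works on any POSIX system.

# Constructed sample of `log show` output, shaped like the lines in the post.
SAMPLE_LOG='Filtering the log data using "process == "mDNSResponder""
Timestamp                       Thread     Type        Activity             PID    TTL
2023-06-26 18:30:54.592258+0530 0x394      Default     0x0                  194    0    mDNSResponder: [] SIGHUP: Purge cache
2023-06-26 18:30:55.100000+0530 0x394      Default     0x0                  194    0    mDNSResponder: [] Sending SIGINFO to mDNSResponder daemon is deprecated.'

# Print "date time pid=<PID>" for each purge acknowledgement read from stdin.
# Fields: $1 date, $2 time, $3 thread, $4 type, $5 activity, $6 PID, $7 TTL.
purge_events() {
    awk '/mDNSResponder: \[\] SIGHUP: Purge cache/ { print $1 " " $2 " pid=" $6 }'
}

# Count purge acknowledgements in the given log text (trailing spaces from
# macOS `wc` are stripped so the result is a bare number).
count_purges() {
    printf '%s\n' "$1" | purge_events | wc -l | tr -d ' '
}

# On macOS: send SIGHUP, wait briefly, then look for the acknowledgement in
# the last minute of the unified log. Returns 1 if no purge was logged.
flush_and_verify() {
    [ "$(uname -s)" = "Darwin" ] || { echo "macOS only" >&2; return 2; }
    sudo killall -HUP mDNSResponder
    sleep 2
    n=$(sudo log show --last 1m --info --predicate 'process == "mDNSResponder"' \
        | purge_events | wc -l | tr -d ' ')
    if [ "$n" -gt 0 ]; then
        echo "purge acknowledged ($n event(s))"
    else
        echo "no purge acknowledgement logged" >&2
        return 1
    fi
}
```

Note that dig talks to the nameservers in /etc/resolv.conf directly and never goes through mDNSResponder, so a stale answer from dig reflects the upstream resolver, not the local cache; checking the daemon's own log line is the closest thing to confirming the purge.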

Okay, the logs say it purged the cache, but how do I know it actually did it? On Windows, I can do something like ipconfig /displaydns and it shows a list of all cached DNS entries. The equivalent of that (or the closest) in macOS is sudo killall -INFO mDNSResponder:

sudo killall -INFO mDNSResponder
2023-06-26 18:40:14.687612+0530 0x394      Default     0x0                  194    0    mDNSResponder: [] Sending SIGINFO to mDNSResponder daemon is deprecated. To trigger state dump, please use 'dns-sd -O', enter 'dns-sd -h' for more information

Maintaining/updating documentation has never been Apple’s strong suit. All right, fine, as you say. I’ll use dns-sd instead.

sudo dns-sd -O
XPC service returns error, description: State dump is only enabled in internal builds

Wtf? Why would you actively choose to disable this feature? I looked up the closest (and previous) builds of mDNSResponder, and found some answers:

typedef enum
{
    full_state_to_stdout = 3,           // Dump state to STDOUT
} DNSStateInfo;

Apple allowed you to dump state until build 1310.140.1, but for privacy reasons, they started logging DNS queries to os_log as private. In fact, a previous build of mDNSResponder explicitly states that:

// Feature: Support for having finer granularity of log redaction, by using os_log based-log routine.
// Radar:   <rdar://problem/42814956>
// Enabled: Yes.
#define MDNSRESPONDER_SUPPORTS_APPLE_OS_LOG                     1

So… I should technically be able to use log to access the private data. Right? Wrong.

sudo log config --mode private_data:on
log: Invalid Modes 'private_data:on'

After some research, I ran into this article, which basically states that without turning off System Integrity Protection (SIP), there is no easy way to get around the above error.

So if you’re a macOS user, you are left with no plausible way to find out your cached DNS entries. At least you can still purge them manually. For now.